Skip to main content

Your connection is not private


Your connection is not private


Recently I was working with customer, were their external partner/customer sees security warning while join Skype for Business/Lync meeting from Chrome browser. Like above warning.

Why they joining meeting from browser? Remember Skype for Business / Lync meeting anyone join anonymously using browser without installing Skype for Business / Lync client on their machine.

Why certificate warning was showing?

This warning/error showed up is, because the website that runs on SHA-1 certificate, such websites are no longer supported by Chrome. There is no option to roll back to the older version of Chrome browser.

Customer was attempted to reach join.mydomain.com, but the server presented a certificate signed using a weak signature algorithm (such as SHA-1). This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker).

Remember, that Microsoft already made plan to depreciate SHA1 ( http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx).

In my case customer was using Entrust secure certificate for their external web service / meeting join simple URL and that certificates are SHA1 algorithm based. You simply open certificate (MMC > Add/Remove Snap-in.. > Certificate > add >Computer account > OK) and click on Details and see algorithm. Refer the below Image.


Is there workaround to these join meetings using Chrome?

Yes, you can simply use different browser, as Internet Explorer, Firefox and Safari browsers are still supporting websites that’s runs on SHA-1 certificate.

If you want to meeting using Chrome browser then, click on “ADVANCED” then you will see option “Proceed to Join.mydomain.com (unsafe)” simply click and then you will get allowed to join this meeting. Refer below screenshot.


In case you don’t want to join meeting then simply click on “Back to safety”.

To permanently resolve certificate warning, you must request new certificate with all SAN (Subject Alternative Names) and SHA2 algorithm from your certificate provider to avoid such warning. Remember these certificates are expensive so take your own call before ordering new certificate. J

Thank you.

Comments

Popular posts from this blog

Outlook Add-in for Skype meeting getting disable after restarting Outlook.

Issue: Outlook Add-in for Lync meeting getting disable after restarting Outlook.
Problem Statement: Outlook Add-ins gets install automatically when Office 2013 installs (Lync and Skype for Business clients are part of Office package). Add-ins name is Lync Meeting Scheduling Outlook Addin or Skype meeting Add-in for Microsoft Office 2013. Sometime if other add-ins conflict with Outlook add-ins then outlook add-in keep getting disabled. And user has to enable it manually after Outlook restarts. 
Resolution: By default Lync Meeting Scheduling Outlook Addin or Skype Meeting Add-in for Microsoft Office 2013 installs wit load behavior "Load at Startup". However due to some conflict users Lync or Skype add-ins load behavior get changed to loaded instead of "Load at Startup" had to re-enable Lync Meeting Add-In in each time Outlook 2013 was started as it was not set to "Load at Startup". Look at the below screenshot. Now question is how we can change load behavior …

Unable to share desktop in Skype for Business?

Unable to share desktop in Skype for Business?
You can show your entire desktop or just a program to everyone in a Skype for Business Meeting, call, or instant messaging (IM) conversation. However sometime this feature does not work and give different errors.  Error message: ·Cannot start Desktop/Application Sharing due to network issues. ·An error occurred during the screen presentation. Resolution: There are multiple thing which may affect application/desktop sharing. 1.Make sure application / desktop sharing enabled on Skype for Business / Lync Server. SfB /Lync Control Panel > Conferencing > Conferencing policy > select Global or create new policy and set enable ‘Enable application and desktop sharing’. Refer below image. 2.Make sure your Skype for Business (Lync) client is updated with latest cumulative updates. Download latest update Skype (Lync) client. 3.Update your Video and Display drivers. a.Go to Start > Control panel. b.Search for Device Manager, and then open it. c.Find V…

Unable to login to Skype for Business client?

Unable to login to Skype for Business client? In order to sign-in on Skype (Lync) you must have login credential provided to you from your organization. ·Sign-in address: bilag@orgname.com ·User name: orgname\bilag ·Password: ************
Note: Orgname.com is my SIP domain name. Here are the most common mistake people make while sign-in on Skype for Business (Lync).
1.If you have login credential however still unable to sign-in then make sure you are putting proper login credential. Below error shows when you are wrong entering your sign-in address:
2.If you are writing correct Sign-in address however getting DNS error then contact administrator/ Support team there may be a DNS resolution or configuration issue. Administrator need to verify the SfB (Lync) AutoDiscover DNS records. 3.Sometime users password may expired/ lockout: Make sure that you password is not expire and lockout. If yes then call to helpdesk and reset your password / unlock. 4.Make user to have updated Skype for Business cli…